Cenzic Takes Competitor Pieces

What are you supposed to do when your competitors are bought? If you're Cenzic, you take a piece of each for yourself.

The application security vendor has watched its key competitors get absorbed
by a pair of the biggest names in IT. IBM took Watchfire and HP bought out SPI Dynamics.

Now Cenzic is integrating both Watchfire and SPI Dynamics data in Cenzic Hailstorm Enterprise 5.0, which the company announced today.

"What we're doing in 5.0 is integrating with all the different solutions that
exist into a centralized dashboard," Cenzic CEO John Weinschenk told
internetnews.com.

"We've developed a product that will take input
data from both the source code scanning products as well as SPI Dynamics and
Watchfire to give users an über dashboard. We now have the ability to test
applications and be able to provide imported results from other solutions, as
well as our own in a continuous Web-based environment."

Cenzic Hailstorm Enterprise ARC (Application Risk Controller) 5.0 also
includes seamless integration with Fortify's Source Code Analyzer .
Additionally Cenzic has a managed service called ClickToSecure ARC, which
offers similar functionality as Hailstorm.

The Cenzic solutions provide application vulnerability visibility through
the entire software development lifecycle. The breadth of applications that
Cenzic can analyze is broad and isn't limited to any one type of framework
or specific server technology.

"We don't care. As long as it [the application] has a URL and we can get to
it from a Web browser we can attack it," Weinschenk said.

Though there are always trends to be noted in application vulnerability,
Weinschenk wasn't keen to point out any one particular attack vector or
vulnerability in applications as being a key trend. He said there is too
much hype about the top-five things people should test for. Those top five might
only represent 70 percent of all vulnerabilities.

"The problem is the 30 percent that you're not testing that could be
serious," Weinschenk said.

The integration with solutions from Watchfire and SPI Dynamics enables
Cenzic users to import results, which is something that Weinschenk noted was a
key request from customers. He explained that Cenzic has some large
companies that use their solutions, and those companies always use more than
one solution so that they can audit results.

By being able to import
results into one dashboard, it simplifies the auditing and vulnerability
assessment.

The integration also comes at a key time, with the acquisitions of Watchfire
and SPI Dynamics. Weinschenk argued that Watchfire and SPI customers will
get hurt until IBM and HP figure out the integration.

"It's good timing for us since now that we have integration, you can import
results and you don't lose anything," Weinschenk said.

So with Cenzic's two closest competitors being bought out, when will Cenzic go? Weinschenk would only say that he'll do what's right for shareholders.

"I do think there is a bigger play in app security than tying into quality
assurance solutions," Weinschenk added.

"There is a huge play in app
security for all of the security companies to be able to provide a
management of all app security as part of their offering as opposed to tying
into an IBM Rational or HP's Mercury interactive, which is what's taking
place with SPI and Watchfire."